1. Field of the Invention
The invention relates to a pay broadcasting system and, more particularly, to a method of and a system for blocking illegal access to a downloaded and stored program in a subscriber terminal in such a pay broadcasting system.
2. Description of the Prior Art
In a pay broadcasting system, a central station (or program provider) generally broadcasts a scrambled program, permitting a subscriber to unscramble the scrambled program only when the execution of the scrambled program is valid.
Such pay broadcasting system usually uses three kinds of keys: a scramble keys (SKt) updated frequently, say, every second (the suffix t denotes an update time); a work key (WKi) assigned to each of the subscriber terminals (the suffix i is a serial number assigned to a respective subscriber terminal) and updated at the time of renewal of the subscription contract (e.g., once a year); and a master key (MKi) issued to each of the subscriber terminals, stored in an IC (integrated circuit) card and set in the subscriber terminal. The central station scrambles data (PD) of each program with a scramble key of the time to provide scramble key-scrambled data (hereinafter, denoted as xe2x80x9cSKt[PD]xe2x80x9d), while encrypting each of the scramble keys used for the program with each of the work keys associated with the subscriber terminals to provide work key-encrypted scramble keys WK1[SKt], WK2[SKt], . . . , WKN[SKt], where N is the number of subscriber terminals served by the program provider. At the time of renewal of the subscription contract for the subscriber (terminal) and the program provider, the central station encrypts a new work key (WKi) for the subscriber terminal with the master key associated with the subscriber terminal (i) and issues an IC card which stores a master key-encrypted work key MKi[WKi]. The scramble key-scrambled data, the work key-encrypted scramble keys and the master key-encrypted work keys are multiplexed and broadcast from the center station. If a subscriber terminal has a valid master key of its own, then the terminal can decrypt the master key-encrypted work key MKi[WKi] with its own master key into the work key WKi; decrypt the work key-encrypted scramble keys WKi[SKt] with the work key WKi into the scramble key SKt; and unscramble the scramble key-scrambled data SKt[PD] with the scramble key SKt to finally obtain and enjoy the program data PD.
Japanese unexamined patent publication No. Hei10-11894 (1998) by Karino et al. discloses a system for receiving, recording and playing a pay scrambled broadcast program. If the system is to store a received program, the system also stores key information necessary for playing the stored program. This enables the system to unscramble the stored scrambled program by reading out the stored key information and using the information in the same manner as in case of real time reception. The system is also provided with means for prohibiting playing of a stored problem if the availability of the stored program has expired.
However, if an attacker breaks the work key of a subscriber terminal, the attacker can illegally enjoy the programs broadcast thereafter and having been stored so far until the available period of the work key expires. Once a work key is broken, the stored programs can be used regardless of the available periods of the stored programs even if the system is provided with the above-mentioned prohibiting means. The loss due to the illegal use of broadcast programs can be reduced by shorten the available period of the work keys. However, updating the work keys for hundreds of thousands of subscriber terminals in a short time is impracticable because it takes a lot of time to encrypt each (WKi) of such a lot of work keys with a respective master key (MKi).
The foregoing program in the prior art has been solved in accordance with the present invention.
In a pay broadcasting system including a central station and a subscriber terminal, data of a broadcast program is scrambled with a scramble key updated in a short period. The scramble key is encrypted with a first key assigned to the subscriber terminal. The first key being encrypted with a first master key set in the subscriber terminal. According to the present invention, a method of enhancing security of a broadcast program stored for subsequent use in the subscriber terminal in such a broadcasting system. In the central station, a second key-encrypted scramble key is generated by encrypting the scramble key with a second key different from the first key and changeable in an interval shorter than an update interval of the first key. An encrypted second key is generated by encrypting the second key with a second master key which has been commonly issued to subscriber terminals served by the central station, The second key-encrypted scramble key and the encrypted second key are broadcast together with the scrambled program, the first key-encrypted scramble key and the encrypted first key in a multiplexed manner. In the subscriber terminal, When a broadcast program is stored for subsequent use, the scrambled data of the broadcast program and the second key-encrypted scramble key are stored; the encrypted second key is decrypted with the second master key into the second key, which is added to a stored program second key list. If the stored program is to be executed, the second key-encrypted scramble key is decrypted with a corresponding one of the second keys in the stored program second key list into a decrypted scramble key; and the scrambled data of the broadcast program is unscrambled with the decrypted scramble key.
In one embodiment, the second master key is distributed stored in an IC card.
Alternatively, the second master key may be encrypted with the first master key and broadcast to the terminals. In this case, the terminal decrypts the encrypted second master key into a decrypted second master key, and uses the decrypted second master key for decryption of the encrypted second key.
In a preferred embodiment, each of the broadcast programs is assigned a respective second key.
In the embodiment, at a time of generating an encrypted key, an ID of the key used for the generation is also generated such that the generated encrypted key and corresponding ID are treated in a pair. The central station is permitted to broadcast a new second key for a program that has broadcast before. If a second key with an ID that accords with an ID of any second key in the stored program second key list is received in a subscriber terminal, the terminal replace the found second key with the received second key. This feature enables the central station to prohibit the use of any broadcast program at any desired time.